fix: enforce permission checks in glob()#360
Draft
toddr-bot wants to merge 1 commit intocpan-authors:mainfrom
Draft
fix: enforce permission checks in glob()#360toddr-bot wants to merge 1 commit intocpan-authors:mainfrom
toddr-bot wants to merge 1 commit intocpan-authors:mainfrom
Conversation
glob() was returning all matching mocked files regardless of directory permissions, while opendir() correctly enforced read permission checks. This inconsistency meant that a non-owner user could bypass directory access controls via glob patterns. Add _glob_path_accessible() helper that checks: - Read permission on parent directory (to list contents) - Execute permission on all ancestor directories (to traverse path) Fixes cpan-authors#359 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Enforce directory permission checks in
glob()whenset_user()is active.Why
glob()bypassed all permission checks, returning mocked files from directories the simulated user shouldn't be able to read. This was inconsistent withopendir()which correctly checks read permission (line 3464). Realglob(3)respects directory permissions — our mock should too.How
Added
_glob_path_accessible()helper (placed near existing_check_perms/_check_parent_perms) that verifies:The filter runs after
match_glob()and before the real-FS merge, only when$_mock_uidis defined. No performance impact when permission simulation is off.Testing
New
t/glob_perms.tcovering:Full test suite passes (94/95 — only pre-existing
fh-ref-leak.t#179 failure).Fixes #359
🤖 Generated with Claude Code
Quality Report
Changes: 2 files changed, 148 insertions(+)
Code scan: clean
Tests: failed (4 Failed, 95 test)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline